Download  Print this page

Xerox WorkCentre 5845 User Information

Multi-function device security target
Hide thumbs

Advertisement

Table of Contents
Xerox Multi-Function Device
Security Target
WorkCentre 5845, 5855, 5865, 5875,
5890, 7220, 7225, 7830, 7835, 7845, 7855
& ColorQube 9301, 9302, 9303
Prepared by:
Xerox Corporation
800 Phillips Road
Webster, New York 14580
Computer Sciences Corporation
7231 Parkway Drive
Hanover, Maryland 21076
Document Version 2.0, Revision 2.0

Advertisement

Table of Contents
loading

  Related Manuals for Xerox WorkCentre 5845

  Summary of Contents for Xerox WorkCentre 5845

  • Page 1 Xerox Multi-Function Device Security Target WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303 Prepared by: Xerox Corporation Computer Sciences Corporation 800 Phillips Road 7231 Parkway Drive Webster, New York 14580 Hanover, Maryland 21076...
  • Page 2 ©2013 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and/or other counties. All copyrights referenced herein are the property of their respective owners. Other company trademarks are also acknowledged.
  • Page 3 TOE Function Access Control SFP ................... 39 6.3..................40 ECURITY UNCTIONAL EQUIREMENTS 6.3.1. Class FAU: Security audit ....................41 6.3.2. Class FCO: Communication .................... 43 6.3.3. Class FCS: Cryptographic support ................... 43  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 4: Table Of Contents

    User Data Protection – Disk Encryption (TSF_FDP_UDE) ..........73 7.1.8. User Data Protection – IP Filtering (TSF_FDP_FILTER) ........... 73 7.1.9. Network Security (TSF_NET_SEC) ................... 73 7.1.10. Security Management (TSF_FMT) ................73 GLOSSARY......................77 ACRONYMS ......................81 10. BIBLIOGRAPHY ...................... 83  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 5 ............... 59 ABLE UFFICIENCY OF SECURITY FUNCTIONAL REQUIREMENTS 31: SFR ......................65 ABLE DEPENDENCIES SATISFIED 32: EAL2 ( ALC_FLR.3) SAR ..........67 ABLE AUGMENTED WITH DEPENDENCIES SATISFIED 33: A ..........................81 ABLE CRONYMS  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 6: Table 1: St And Toe Identification

    ST and TOE Identification Table 1 below presents key identification details relevant to the CC evaluation of the WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303. Table 1: ST and TOE identification...
  • Page 7: Figure 1: Xerox Workcentre 5845/5855/5865/5875/5890

    1.2.1. Usage and Security Features The WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303, the Target of Evaluation (TOE), is a multi-function device (MFD) that copies and prints with scan and fax options.
  • Page 8: Figure 2: Xerox Workcentre 7220/7225

    Xerox Multi-Function Device Security Target Figure 2: Xerox WorkCentre 7220/7225 Figure 3: Xerox WorkCentre 7830/7835/7845/7855 Figure 4: Xerox ColorQube 9301/9302/9303  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 9: Table 2: Models And Capabilities

    Secure Shell (SSH) File Transfer Protocol (SFTP) and TLS are available for protecting document transfers to a remote file depository. o Internet Protocol Security (IPsec) support is available for protecting communication over IPv4 and IPv6 networks.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 10: Toe Type

    Standard (FIPS) 201 Personal Identity Verification Common Access Card (PIV-CAC) compliant smart cards and readers or equivalent. In support of smart card authentication, a Windows Domain Controller must also be present in the environment.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 11: Table 3: Evaluated Software Version

    1.3.1. Physical Scope of the TOE The TOE is an MFD (WorkCentre 5845, 5855, 5865, 5875, 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303) that consists of a printer, copier, scanner, fax (if installed) and associated administrator and user guidance.
  • Page 12: Logical Scope Of The Toe

    Xerox ColorQube 9301/9302/9303 February 2013 ConnectKey Controller User Guide Secure Installation and Operation of Your Xerox WorkCentre 5845, 5855, 5865, 5875, May 2013 5890, 7220, 7225, 7830, 7835, 7845, 7855 & ColorQube 9301, 9302, 9303 The TOE’s physical interfaces include a power port, an ethernet port, USB ports, serial ports, fax ports (if fax accessory is installed), LUI with keypad, a document scanner, a document feeder and a document output.
  • Page 13 The TOE utilizes digital signature generation and verification (RSA), data encryption (TDES, AES), key establishment (RSA) and cryptographic checksum generation and secure hash computation (HMAC, SHA-1) in support of disk encryption, SFTP, TLS and IPsec.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 14: User Data Protection – Ip Filtering (Tsf_Fdp_Filter)

    LUI and WebUI. User and role management is only accessible via the Web UI. The TOE is capable of verifying the integrity of the TSF at the request of the administrator.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 15: E Valuated C Onfiguration

     Smart eSolutions. Suite of features that provide free services to enable administration of metered billing and supplies replenishment plans for printers on a network.  Xerox Extensible Interface Platform (EIP). Allows independent software vendors and partners to develop personalized and customized document management solutions. These solutions can be integrated and accessed directly from the printer control panel.
  • Page 16: Conformance Claims

    ALC_FLR.3, and the following additional packages from IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600™ -2008 Operational Environment B (IEEE Std. 2600.2-2009):  2600.2-PRT, SFR Package for Hardcopy Device Print Functions, Operational Environment B  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 17: Table 5: Ieee Std. 2600.2-2009 Common Sfr Augmentations

    (including iterated) SFRs from CC Part 2 shown in Table 5. Table 5: IEEE Std. 2600.2-2009 common SFR augmentations Family Augmentation Audit FAU_STG.1, FAU_STG.4 Cryptographic Support FCS_COP.1, FCS_CKM.1, FCS_CKM.2, FCS_CKM.4  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 18: Table 6: Ieee Std. 2600.2-2009 Package Augmentations

    The packages shown in Table 6 from IEEE Std. 2600.2-2009 have been augmented with additional (including iterated) SFRs from CC Part 2. Table 6: IEEE Std. 2600.2-2009 package augmentations Package Augmentation FDP_IFC.1 (FILTER), FDP_IFF.1 (FILTER)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 19: Table 7: Users

    User Data are data created by and for Users and do not affect the operation of the TOE Security Functionality (TSF). This type of data is composed of two objects: User Document Data, and User Function Data, as shown in Table 8.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 20: Table 8: User Data

    Cryptographic keys configuration settings Device service and diagnostic data X.509 Certificate (TLS) User IDs and Passwords User Access Permissions 802.1x Credentials and Configuration IP filter table (rules) Email Addresses for fax forwarding  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 21: Table 11: Sfr Package Functions For Ieee Std. 2600.2-2009

    (Create, Modify, Delete), and those that invoke a function (Execute). 3.1.4. Channels Channels are the mechanisms through which data can be transferred into and out of the TOE. In this Security Target, four types of Channels are allowed:  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 22: Table 12: Assumptions For The Toe

    TOE in accordance with those policies and procedures. A.ADMIN.TRUST Administrators do not use their privileged access rights for malicious purposes.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 23: Table 13: Threats To User Data

    TSF Confidential Data may be disclosed to unauthorized persons T.CONF.ALT D.CONF TSF Confidential Data may be altered by unauthorized persons 3.3.2. Threats Addressed by the IT Environment There are no threats addressed by the IT Environment.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 24: Table 15: Organizational Security Policies

    P.INTERFACE.MANAGEMENT To prevent unauthorized use of the external interfaces of the TOE, operation of those interfaces will be controlled by the TOE and its IT environment.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 25: Table 16: Security Objectives For The Toe

    The TOE shall provide procedures to self-verify executable code in the TSF. O.AUDIT.LOGGED The TOE shall create and maintain a log of TOE use and security-relevant events, and prevent its unauthorized disclosure or alteration.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 26: Table 17: Security Objectives For The It Environment

    TOE external interfaces. OE.USER.AUTHENTICATED The IT environment shall provide support for user identification and authentication and protect the user credentials in transit when TOE operates in remote identification and authentication mode.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 27: Table 18: Security Objectives For The Non-It Environment

    This section demonstrates that each threat, organizational security policy, and assumption are mitigated by at least one security objective for the TOE, and that those security objectives counter the threats, enforce the policies, and uphold the assumptions.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 28: Table 19: Completeness Of Security Objectives

    O.DOC.NO_DIS protects D.DOC may be disclosed to from unauthorized disclosure unauthorized persons O.USER.AUTHORIZED establishes user identification and authentication as the basis for authorization OE.USER.AUTHORIZED establishes responsibility of the TOE Owner to appropriately grant authorization  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 29 T.PROT.ALT TSF Protected Data O.PROT.NO_ALT protects may be altered by D.PROT from unauthorized unauthorized persons alteration O.USER.AUTHORIZED establishes user identification and authentication as the basis for authorization  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 30 P.USER.AUTHORIZATION Users will be O.USER.AUTHORIZED authorized to use the establishes user identification and authentication as the basis for authorization to use the TOE  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 31 O.INTERFACE.MANAGED interfaces will be manages the operation of external controlled by the TOE interfaces in accordance with and its IT environment. security policies OE.INTERFACE.MANAGED establishes a protected environment for TOE external interfaces  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 32 Administrators. A.USER.TRAINING TOE Users are aware OE.USER.TRAINED establishes of and trained to follow responsibility of the TOE Owner to security policies and provide appropriate User training. procedures  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 33 Direct forwarding of data from one external interface to another one requires explicit allowance by an authorized administrative role. Management: FPT_FDI_EXP.1  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 34 FPT_FDI_EXP.1 Restricted forwarding of data to external interfaces Hierarchical to: No other components. Dependencies: FMT_SMF.1 Specification of Management Functions FMT_SMR.1 Security roles.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 35 FPT_FDI_EXP.1.1 The TSF shall provide the capability to restrict data received on [assignment: list of external interfaces] from being forwarded without further processing by the TSF to [assignment: list of external interfaces].  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 36: C Onventions

    ID for the iteration (e.g. “(FILTER)”). The resulting component ID would be “FDP_IFC.1 (FILTER)”.  Where an iteration is identified in rationale discussion as “all”, the statement applies to all iterations of the requirement (e.g. “FMT_MTD.1 (all)”)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 37: Table 21: User Access Control Sfp

    Denied, except when U.NORMAL, the associated Delete U.ADMINISTRATOR D.FUNC is deleted. Denied, except for U.NORMAL, his/her own +SCN Read, Delete U.ADMINISTRATOR documents Denied, except for U.NORMAL, +CPY Read, Delete his/her own U.ADMINISTRATOR documents  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 38: Table 22: Attributes Definition

    U.ADMINISTRATOR +faxOUT Delete Allowed (System Administrator) Table 22: Attributes Definition Designation Definition +PRT Indicates data that are associated with a print job. +SCN Indicates data that are associated with a scan job.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 39: Toe Function Access Control Sfp

    SFR Packages in Section 12.3 via the Web UI or the LUI:  Print (PRT)  Scan (SCN)  Fax (faxIN / faxOUT)  Copy (CPY)  Document Storage and Retrieval (DSR)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 40: Table 23: Toe Security Functional Requirements

    Security attribute based access control FDP_IFC.1 Subset information flow control FDP_IFF.1 Simple security attributes FDP_RIP.1 Subset residual information protection FIA_ATD.1 User attribute definition FIA_UAU.1 Timing of authentication FIA_UAU.7 Protected authentication feedback FIA_UID.1 Timing of identification  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 41 PP/ST, [for each Relevant SFR listed in Table 24: (1) information as defined by its Audit Level (if one is specified), and (2) all Additional Information (if any is required),  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 42: Table 24: Audit Data Requirements

    This audit event is required by the addition of the IEEE 2600.2-SMI SFR Package. The developer added it to the existing table of events rather than adding an iteration for FAU_GEN.1.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 43: Table 25: Cryptographic Operations

    Table 25: Cryptographic operations Cryptographic Cryptographic Key Sizes Standards & Certs.* Operations Algorithm (bits) FIPS 46-3 (cert #826 Triple DES (CBC) and #1174) Symmetric encryption and decryption FIPS 197 (cert #1131 AES (CBC) and #1821)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 44: Table 26: Cryptographic Key Generation

    Hierarchical to: No other components. Dependencies: [FDP_ITC.1 Import of user data without security attributes, or FDP_ITC.2 Import of user data with security attributes, or FCS_CKM.1 Cryptographic key generation] FCS_CKM.4 Cryptographic key destruction  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 45: Table 27: Cryptographic Key Distribution

    User Access Control SFP in Table 21]. Application Note: This SFR covers FDP_ACC.1 (a) and FDP_ACC.1 from all claimed packages (PRT, SCN, CPY, FAX, DSR) in the IEEE Std. 2600.2  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 46 (PRT, SCN, CPY, FAX, DSR) in the IEEE Std. 2600.2 6.3.4.4. FDP_ACF.1 (FUNC) Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 47 FDP_IFF.1.1 (FILTER) The TSF shall enforce the [IPFilter SFP] based on the following types of subject and information security attributes: [ Subjects: External entities that send traffic to the TOE o IP address,  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 48: Class Fia: Identification And Authentication

    Class FIA: Identification and authentication 6.3.5.1. FIA_ATD.1 User attribute definition Hierarchical to: No other components Dependencies: No dependencies FIA_ATD.1.1 The TSF shall maintain the following list of security attributes belonging to individual users: [username, password, role].  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 49 [subjects will be assigned the security attributes of the user that they are acting on behalf of]. FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes with the subjects  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 50: Class Fmt: Security Management

    Application Note: This SFR is FMT_MSA.1 (b) from The IEEE Std. 2600.2 6.3.6.3. FMT_MSA.3 (USER) Static attribute initialisation Hierarchical to: No other components. Dependencies: FMT_MSA.1 Management of security attributes FMT_SMR.1 Security roles  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 51 Application Note: This SFR is part of FMT_MTD.1 from The IEEE Std. 2600.2 PP. 6.3.6.6. FMT_MTD.1 (MGMT2) Management of TSF data Hierarchical to: No other components. Dependencies: FMT_SMR.1 Security roles FMT_SMF.1 Specification of Management Functions  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 52 Fax Forwarding Email Addresses] to [U.ADMINISTRATOR (System Administrator)]. 6.3.6.9. FMT_SMF.1 Specification of Management Functions Hierarchical to: No other components. Dependencies: No dependencies. FMT_SMF.1.1 The TSF shall be capable of performing the following management functions: [  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 53 Enable/disable and configure fax forwarding to email; and, Perform software self-test]. 6.3.6.10. FMT_SMR.1 Security roles Hierarchical to: No other components. Dependencies: FIA_UID.1 Timing of identification FMT_SMR.1.1 The TSF shall maintain the roles [U.ADMINISTRATOR (System Administrator), U.ADMINISTRATOR (Accounting  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 54: Class Fpr: Privacy

    TSF: Immediate Image Overwrite]. FPT_TST.1.2 The TSF shall provide authorised users with the capability to verify the integrity of [the following parts of TSF data: Software Module version (configuration data); IP Filtering Tables].  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 55: Class Fta: Toe Access

    The TSF shall permit the TSF, another trusted IT product to initiate communication via the trusted channel. FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel [communication D.DOC, D.FUNC, D.PROT, D.CONF over Shared-medium interface].  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 56: Table 28: Ieee 2600.2 Security Assurance Requirements

    Security Assurance Requirements; they are not iterated or refined from their counterparts in CC Part 3. Table 28: IEEE 2600.2 security assurance requirements Assurance Class Assurance Components ADV: Development ADV_ARC.1 Security architecture description  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 57: R Equirements

    Security Target, that do not originate in IEEE Std. 2600.2-2009, have been added to these tables. Bold typeface items provide principal (P) fulfillment of the objectives, and normal typeface items provide supporting (S) fulfillment.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 58: Table 29: Completeness Of Security Functional Requirements

    Table 29: Completeness of security functional requirements SFRs Objectives SFRs FAU_GEN.1 FAU_GEN.2 FAU_STG.1 FAU_STG.4 FCS_COP.1 FCS_CKM.1 FCS_CKM.2 FCS_CKM.4 FDP_ACC.1 (USER) FDP_ACC.1 (FUNC) FDP_ACF.1 (USER) FDP_ACF.1 (FUNC) FDP_IFC.1 (FILTER) FDP_IFF.1 (FILTER) FDP_RIP.1 FIA_ATD.1 FIA_UAU.1 FIA_UAU.7 FIA_UID.1 FIA_USB.1 FMT_MSA.1 (USER)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 59: Table 30: Sufficiency Of Security Functional Requirements

    Purpose O.DOC.NO_DIS, Protection of User FDP_ACC.1(USER) Enforces protection by establishing an O.DOC.NO_ALT, Data from O.FUNC.NO_ALT unauthorized access control disclosure or policy. alteration FDP_ACF.1(USER) Supports access control policy by providing access control function.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 60 FMT_SMR.1 Supports control of security attributes by requiring security roles. O.USER.AUTHO Authorization of FDP_ACC.1(FUNC) Enforces authorization by RIZED Normal Users and Administrators to establishing an use the TOE access control policy.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 61 FMT_MSA.3(FUNC) Supports access control function by enforcing control of security attribute defaults. FMT_SMR 1 Supports authorization by requiring security roles. FTA_SSL.3 Enforces authorization by terminating inactive sessions.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 62 Verification of FPT_TST.1 Enforces verification of ERIFIED software integrity software by requiring self tests. O.AUDIT.LOGGE Logging and FAU_GEN.1 Enforces audit policies by authorized access to audit events requiring logging of relevant events.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 63 FAU_STG.1 Enforces the audit policies by preventing unauthorized modification or deletion. FAU_STG.4 Enforces the audit policies by preventing loss of newer audit trail data. FIA_UID.1 Supports audit policies by requiring user identification  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 64: R Equirements

    ALC_FLR.2 encompasses all requirements of ALC_FLR.2 plus some additional requirements. ALC_FLR.3 ensures that instructions and procedures for the reporting and remediation of identified security flaws are in place and their  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 65: Table 31: Sfr Dependencies Satisfied

    FCS_CKM.2 or FCS_COP.1 FCS_CKM.1 FCS_CKM.4 FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.2 FCS_CKM.1 FCS_CKM.4 FDP_ITC.1 or FDP_ITC.2 FCS_CKM.4 FCS_CKM.1 FDP_ACC.1(USER) FDP_ACF.1 Yes, FDP_ACF.1(USER) FDP_ACC.1(FUNC) FDP_ACF.1 Yes, FDP_ACF.1(FUNC) FDP_ACC.1 Yes, FDP_ACC.1(USER) FDP_ACF.1(USER) FMT_MSA.3 Yes, FMT_MSA.3(USER)  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 66 In fact, these features are configured and, with the exception of IP Filter rules, cannot be modified by the system administrator other than to enable or disable them. It is for these reasons that the dependency on FMT_MSA.3 is not and cannot be expected to be met.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 67: Table 32: Eal2 ( Augmented With Alc_Flr.3) Sar

    For this TOE, the restricted forwarding from the external interfaces to the network controller are architectural design features which cannot be configured; hence the dependencies on FMT_SMF.1 and FMT_SMR.1 are not met.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 68 ASE_OBJ.2 ASE_SPD.1 ASE_REQ.2 ASE_ECD.1 ASE_OBJ.2 ASE_SPD.1 None ASE_TSS.1 ADV_FSP.1 Yes, hierarchically ASE_INT.1 ASE_REQ.1 Yes, hierarchically ATE_COV.1 ADV_FSP.2 ATE_FUN.1 ATE_FUN.1 ATE_COV.1 ATE_IND.2 ADV_FSP.2 AGD_OPE.1 AGD_PRE.1 ATE_COV.1 ATE_FUN.1 AVA_VAN.2 ADV_ARC.1 ADV_FSP.2 ADV_TDS.1 AGD_OPE.1 AGD_PRE.1  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 69: Toe Summary Specification

    The definition of this reserved section is statically stored within the TOE and cannot be manipulated. Immediately Files are stored inside mailboxes. They may be deleted by their owner through individual file deletions or deletion of the mailbox.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 70: Information Flow Security (Tsf_Flow)

    Likewise, for fax interface to network interface (fax forwarding to email) jobs, the entire job must be  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 71: Authentication (Tsf_ Aut)

    (a trusted remote IT entity). User credentials entered at the LUI or Web UI are authenticated at the server instead of the TOE. The network authentication services supported by the TOE are: smart  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 72: Security Audit (Tsf_Fau)

    Application Note: For print and LanFax jobs not submitted from the Web UI, the network username associated with the logged in user at the client workstation will be recorded in the audit log. 7.1.6. Cryptographic Operations (TSF_FCS) FCS_COP.1, FCS_CKM.1, FCS_CKM.2, FCS_CKM.4  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 73: Network Security (Tsf_Net_Sec)

    IPv4 and IPv6; Kerberos and TLS for remote authentication. 7.1.10. Security Management (TSF_FMT) FDP_ACC.1 (USER), FDP_ACC.1 (FUNC), FDP_ACF.1 (USER), FDP_ACF.1 (FUNC), FIA_ATD.1, FMT_SMF.1, FMT_MSA.1 (USER), FMT_MSA.1 (FUNC), FMT_MSA.3 (USER), FMT_MSA.3 (FUNC), FMT_MTD.1 (MGMT1), FMT_MTD.1 (MGMT2), FMT_MTD.1 (KEY), FTP_TST.1  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 74 LUI or Web UI. The Web UI only allows deletion of jobs submitted via the Web UI. Deletion of a Secure Print job requires knowledge of the associated passcode.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 75 Also during initial start up, the version number of the software  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 76 The system administrator can verify the integrity of the TOE software image through the Web UI using the software verification feature.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 77: Glossary

    Enterprise: An operational context typically consisting of centrally-managed networks of IT products protected from direct Internet access by firewalls. Enterprise environments generally include medium to large businesses, certain governmental agencies, and organizations requiring managed telecommuting systems and remote offices  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 78 Normal User: A User who is authorized to perform User Document Data processing functions of the TOE. Object: A passive entity in the TOE, that contains or receives information, and upon which subjects perform operations.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 79 TOE. SFR package: A named set of security functional requirements. Shared-medium interface: Mechanism for transmitting or receiving data that uses wired or wireless network or non-network electronic methods over a  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 80 User Function Data: The asset that consists of the information about a user’s document or job to be processed by the HCD.  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 81: Table 33: Acronyms

    Internet Printing Protocol IPsec Internet Protocol Security Information Technology LDAP Lightweight Directory Access Protocol Line Printer Remote Local User Interface Multifunctional Device Multifunctional Product / Peripheral / Printer Nonvolatile Storage ODIO On-Demand Image Overwrite  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 82 Public Switched Telephone Network Scan Security Function Policy Security Functional Requirement Shared-Medium Interface Secure Shell Security Target Standard Transport Layer Security Target Of Evaluation TOE Security Functionality TOE Security Policy Universal Serial Bus  Copyright 2013 Xerox Corporation. All rights reserved.
  • Page 83: Bibliography

    [B3] IEEE Std. 100, The Authoritative Dictionary of IEEE Standards Terms, Seventh Edition, New York, Institute of Electrical and Electronics Engineers, Inc. IEEE publications are available from the Institute of Electrical and Electronics Engineers, 445 Hoes Lane, Piscataway, NJ 08854, USA (http://standards.ieee.org)  Copyright 2013 Xerox Corporation. All rights reserved.